Enabling security for the Console Server

This topic provides instructions for enabling security for all actions that you perform using the product interface or the CLI.

Before you begin

  • Ensure that you have generated a KeyStore in the JKS format. For more information, see Generating-a-KeyStore-and-TrustStore.
  • Ensure that you have generated a self-signed certificate.

To enable security for the Console Server

  1. Locate the server.xml file at one of the following locations:
    • Windows: %BMC_ITDA_HOME%\tomcat\conf
    • Linux: $BMC_ITDA_HOME/tomcat/conf
  2. In the server.xml file, perform the following steps and save the changes.

    1. Locate and uncomment the following line:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true" clientAuth="false"
      sslProtocol="TLS" /> 
    2. Replace the port 8443 with 9443.

    3. Add the keystoreFile="keystoreFilePath" keystorePass="keystorePassword" property with the appropriate values, depending on the KeyStore that you generated earlier (see the following example).

       

      <Connector port="9443" protocol="HTTP/1.1"
      SSLEnabled="true" keystoreFile="keystore_file_path"
      keystorePass="changeit"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS" /> 
  3. Locate the olaengineCustomConfig.properties file and searchserviceCustomConfig.properties at the following location:
    • Windows: %BMC_ITDA_HOME%\custom\conf\server
    • Linux: $BMC_ITDA_HOME/custom/conf/server
  4. In the olaengineCustomConfig.properties file, add the following properties:
    • consoleserver.protocol=https
    • consoleserver.port=9443
    • searchservice.port=9443
  5. In the searchserviceCustomConfig.properties file, add the following properties:
    • consoleserver.protocol=https
    • searchservice.port=9443

  6. Import the self-signed certificate into the Console Server's Java Runtime Environment (JRE) by using the following command:

    keytool -import -trustcacerts -alias <HostName-or-IP> -keystore $BMC_ITDA_HOME/jre/lib/security/cacerts -file <Certificate-Path>
    In this command, the following variables apply:

    • <HostName-or-IP> refers to the host name or IP address of the computer on which the Console Server is located.
    • <Certificate-Path> refers to the absolute path to the self-signed certificate of the Console Server.
  7. Re-start the Console Server. For more information, see Starting-or-stopping-product-services.
  8. Log on to the product in a supported browser.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*